We have multiple realms we are wanting to authenticate.  However, we 
have some users that should only be able to authenticate in one realm.

Here's the scenario:

User joe should log in as [EMAIL PROTECTED]  If he does, his name is 
rewritten to 'joe' and passed to the Unix passwd check for verification.  
He should be able to log in this way, but he should NOT be allowed to log 
in as [EMAIL PROTECTED] or [EMAIL PROTECTED]

I thought I could simply add this in the 'users' file:

joe             Auth-Type = System, Realm = filter.wingnet.net

However, after the name is rewritten to 'joe' and passed to the AuthUNIX 
it kicks back this error:

AuthUNIX llks for match with joe
AuthUNIX REJECT: Realm does not match
AuthUNIX REJECT: Realm does not match
Access rejected for joe: Realm does not match

This appears to be frustrating my purpose.  Any ideas on how to do what 
I want to do?

btw -- my radius.cfg entry for the filter realm is thus:

<Realm filter.wingnet.net>
        RewriteUsername ....stuff per docs...
                <AuthBy FILE>
                        NoDefaultIfFound
                        DefaultSimultaneousUse 1
                        Filename %D/users
                </AuthBy>
</Realm>

Thanks for any help offered...



Craig Thompson
----------------------------------------------------------------------
WingNET Internet Services,
P.O. Box 3000 // Cleveland, TN 37320-3000
423-559-LINK (v)  423-559-5444 (f)
http://www.wingnet.net
----------------------------------------------------------------------

Thought for the day:
    Intuition (n): an uncanny sixth sense which tells people 
    that they are right, whether they are or not.


===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to